Hi,

I need to register a user in LN using the Lotus internal Certificate
Authority (CA process). I put two attributes, "use-certificate-authority"
and "certificate-authority-org", into the add operation XML object, but it
does not work.

The user was created, but using the cert.id file, not by using the CA process
(no record in the ICL database).
When I cleaned the cert-id-file field to make the driver use the CA process,
the registration failed with this error:

LN Driver: registerNotesUser: Error registering User. ID=4300.
Message: Certifier id path not supplied.

What could I do to enable using the CA process? The Domino server is 7.0.


Some detailed info:
Here is the rule I put into the CTP policy:
<rule>
  <description>Use CA process instead of cert.id</description>
  <comment name="author" xml:space="preserve">mspk</comment>
  <conditions>
    <and>
      <if-operation op="equal">add</if-operation>
      <if-class-name op="equal">User</if-class-name>
    </and>
  </conditions>
  <actions>
    <do-set-xml-attr expression="../add[@class-name='User']" name="use-certificate-authority">
      <arg-string>
        <token-text xml:space="preserve">true</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../add[@class-name='User']" name="certificate-authority-org">
      <arg-string>
        <token-text xml:space="preserve">/MYtest</token-text>
      </arg-string>
    </do-set-xml-attr>
  </actions>
</rule>

The User's object looks like:
<nds dtdversion="3.5" ndsversion="8.x">
  <source>
    <product version="3.6.10.4747">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <add allow-adminp-support="true"
         certificate-authority-org="/MYtest" certify-user="true"
         class-name="Person" create-mail="true" dest-dn="CN=ps6014/O=MYtest"
         event-id="Sap Soap Service#Publisher#0" expire-term="2"
         extended-OU="6014" internet-password-force-change="false"
         mail-acl-manager-name="CN=Administrator/O=MYtest"
         mail-file-inherit-flag="true" mailfile-acl-level="EDITOR"
         mailfile-adminp-create="true" notes-password-change-interval="0"
         notes-password-grace-period="0"
         qualified-src-dn="O=MYorg\OU=ps\OU=4000\OU=4200\OU=4230\OU=4234\ CN=ps6014"
         roaming-cleanup-period="90"
         roaming-cleanup-setting="REG_ROAMING_CLEANUP_EVERY_NDAYS"
         roaming-server="CN=Domino1/O=novell"
         roaming-subdir="Roaming\GregorMiazga" roaming-user="false"
         src-dn="\IDMTREE\MYorg\ps\4000\4200\4230\4234\ps6014"
         src-entry-id="34299" store-useridfile-in-ab="false"
         sync-internet-password="true" tell-adminp-process="tell adminp process all"
         use-certificate-authority="true" user-id-file="gm6014">
      <add-attr attr-name="FullName">
.................


--
ditasec